TMC NEWS

TMCNET eNEWSLETTER SIGNUP

Red Hat Adds New NIST Certification for OpenSCAP, Expands Footprint for Open IT Security Standards

[March 17, 2017]

Red Hat Adds New NIST Certification for OpenSCAP, Expands Footprint for Open IT Security Standards

Red Hat (News - Alert), Inc. (NYSE: RHT), the world's leading provider of open source
solutions, today announced that OpenSCAP 1.2, an open source Security
Content Automation Protocol (SCAP) scanner, has been certified by the
National Institute of Standards and Technology as a U.S. government
evaluated configuration and vulnerability scanner for Red Hat Enterprise
Linux 6 and 7-based systems. This certification shows that OpenSCAP can
analyze and evaluate security automation content correctly and has the
functionality and documentation required by NIST to run in sensitive,
security-conscious environments.

A synthesis of interoperable specifications based on in-depth community
collaboration, SCAP provides an overarching security format that
security vendors supporting the standard can use. The standard defines
common operations for security scanners, providing for security content
that can be written once and run on another certified scanner, enabling
repeatable security assessments to be done more quickly and continuously
for policy compliance. Created more than five years ago, OpenSCAP
is an open source, joint initiative between the National Security
Agency, Red Hat, and the broader open source community to address these
standards.

In the U.S., the General Services Administration (GSA (News - Alert)) requires that
technologies included in blanket purchase agreements for vulnerability
and configuration management products have formal NIST SCAP
certification (Special
Notice QTA0-08-HC-B-003). Recently, this requirement has been
expressed in product requirements in support of the DHS Continuous
Diagnostics and Mitigation (CDM) program.

With the new NIST certification, Red Hat customers required to use SCAP
for regulatory reasons, or in support of DHS CDM, no longer need to
request waivers or exemptions for their Red Hat environments. The
OpenSCAP certification extends across the Red Hat portfolio and
encompasses:

Red Hat Enterprise Linux: In addition to providing OpenSCAP as
a system administration tool, OpenSCAP has been integrated directly
into the Red Hat Enterprise Linux installer. Systems can now operate
in continuous security compliance from deployment through end of their
lifecycle.

Atomic Scan: Delivered as part of Red Hat Enterprise Linux
Atomic Host, Atomic Scan is the first NIST-certified configuration and
vulnerability scanner for Linux Containers. Atomic Scan is capable of
scanning container registries, even when containers are offline, using
container introspection.

SCAP Workbench: A graphical utility built for system
administrators and security officers to more easily tailor and
customize SCAP-based security profiles, without requiring in-depth
knowledge of the underlying SCAP standards.

In addition to natively providing OpenSCAP tooling in Red Hat Enterprise
Linux and associated system management offerings, Red Hat provides the
underlying development libraries for OpenSCAP. With these libraries,
independent software vendors (ISVs) can embed NIST-certified
configuration and vulnerability scanning into their applications built
for Red Hat Enterprise Linux, extending these capabilities across bare
metal, virtualized, and container deployments.

"Continuous,
repeatable scanning processes are key to keeping modern,
increasingly-complex computing environments more secure and safe, and
open standards help to make these processes achievable. NIST's new
certification of OpenSCAP on the world's leading enterprise Linux
platform provides a flexible, powerful SCAP scanner built on open
standards, making it easier for agencies and other organizations to add
verifiable, repeatable security scanning to their repertoires."

Alex Johns, security analyst, COACT, Inc."Red Hat's
OpenSCAP technology is a proven asset for organizations that must
utilize a validated scanner to meet their security and compliance needs.
OpenSCAP met all of the applicable SCAP 1.2 testing requirements and
correctly implemented the features and functions available through SCAP
for the Red Hat Enterprise Linux 6 32-bit, Red Hat Enterprise Linux 6
64-bit, and Red Hat Enterprise Linux 7 64-bit platforms. It was a
pleasure working with such a proactive development team throughout the
validation process."

Red Hat is the world's leading provider of open source software
solutions, using a community-powered approach to provide reliable and
high-performing cloud, Linux, middleware, storage and virtualization
technologies. Red Hat also offers award-winning support, training, and
consulting services. As a connective hub in a global network of
enterprises, partners, and open source communities, Red Hat helps create
relevant, innovative technologies that liberate resources for growth and
prepare customers for the future of IT. Learn more at http://www.redhat.com.

Forward-Looking Statements

Certain statements contained in this press release may constitute
"forward-looking statements" within the meaning of the Private
Securities Litigation Reform Act of 1995. Forward-looking statements
provide current expectations of future events based on certain
assumptions and include any statement that does not directly relate to
any historical or current fact. Actual results may differ materially
from those indicated by such forward-looking statements as a result of
various important factors, including: risks related to the ability of
the Company to compete effectively; the ability to deliver and stimulate
demand for new products and technological innovations on a timely basis;
delays or reductions in information technology spending; the integration
of acquisitions and the ability to market successfully acquired
technologies and products; fluctuations in exchange rates; the effects
of industry consolidation; uncertainty and adverse results in litigation
and related settlements; the inability to adequately protect Company
intellectual property and the potential for infringement or breach of
license claims of or relating to third party intellectual property;
risks related to data and information security vulnerabilities; the
ability to meet financial and operational challenges encountered in our
international operations; ineffective management of, and control over,
the Company's growth and international operations; and changes in and a
dependence on key personnel, as well as other factors contained in our
most recent Quarterly Report on Form 10-Q (copies of which may be
accessed through the Securities and Exchange Commission's website at http://www.sec.gov),
including those found therein under the captions "Risk Factors" and
"Management's Discussion and Analysis of Financial Condition and Results
of Operations". In addition to these factors, actual future performance,
outcomes, and results may differ materially because of more general
factors including (without limitation) general industry and market
conditions and growth rates, economic and political conditions,
governmental and public policy changes and the impact of natural
disasters such as earthquakes and floods. The forward-looking statements
included in this press release represent the Company's views as of the
date of this press release and these views could change. However, while
the Company may elect to update these forward-looking statements at some
point in the future, the Company specifically disclaims any obligation
to do so. These forward-looking statements should not be relied upon as
representing the Company's views as of any date subsequent to the date
of this press release.

Red Hat, Red Hat Enterprise Linux, the Shadowman logo, Red Hat
Satellite and CloudForms are trademarks or registered trademarks of Red
Hat, Inc. or its subsidiaries in the U.S. and other countries. Linux® is
the registered trademark of Linus Torvalds in the U.S. and other
countries.